Eric Witzling
Bit of history on this one.
Two days ago I was called in because the computer was operating slowly. Taking a look, there were dozens of dllhost.exe processes running, taking up memory space largely in the 30MB to 250MB range. I ran normal cleanup tools up to and including tdsskiller (which cured two Win32.patched.pj trojans infecting c:\Windows\system32\rpcss.dll - identified as "DcomLaunch" and "RpcSs" services), rkill, JRT, adwcleaner, and combofix. Following that, I allowed the onboard A/V and anti-malware (Vipre Business and MalwareBytes) to run manual scans, along with SuperAntiSpyware portable.
The tdss-detected trojans remained gone and the dllhost.exe processes never returned, and things seemed OK. Yesterday, however, users reported "Chrome Errors" popping up on-screen where it would crash. Chrome is installed on the PC, but it was not in use, and I was instead seeing dozens of "browser.exe" processes running, and also "werfault.exe"s as the errors built up.
The browser.exe processes are task-killable, but pop up shortly afterward. I traced them to some folders in the user's LocalLow directory (CottonVisual, ReceiverRadio, ReceiverSync) that are recreated even if deleted. This seems to be a pretty recent type of infection, which nothing has caught up to yet. Will appreciate any and all advice.
-----------------------------------------------
I can't install the version of MalwareBytes you mention, because MB has already been on and installed for years. There is a monitoring and maintenance software package on these computers that includes MB 1.65.1.1000.
I can paste the log from the manual scan I ran after the other tools, however:
Malwarebytes Anti-Malware (MSP) 1.65.1.1000
www.malwarebytes.org
Database version: v2014.08.26.04
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
bella :: NCJAR-NEX-1011 [administrator]
Protection: Enabled
8/26/2014 4:08:03 PM
mbam-log-2014-08-26 (16-08-03).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 629629
Time elapsed: 1 hour(s), 35 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCR\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\ (Rootkit.Poweliks) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\ProgramData\OhlapGedce\OhlapGedce.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\setup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\etzia.exe (Trojan.Zbot.gen) -> Quarantined and deleted successfully.
(end)
-------------------------------
I cannot at the moment run DDS with the PC offline and A/V disconnected. If you need me to do that, I should be able to at a later date. Results are below:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545
Run by bella at 11:04:33 on 2014-08-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3493.2394 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~1\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\UI0Detect.exe
C:\PROGRA~1\SAAZOD\zSCC\zInCCM.exe
C:\PROGRA~1\SAAZOD\zSCC\zCCM.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\timeout.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [ocx] "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden "[reflection.assembly]::load((gp -path 'hkcu:software\classes\clsid').OCX).GetType('gm.ks').GetMethod('m').Invoke(0,@('Installer'));"
uRun: [BrowserWireless] c:\windows\system32\rundll32.exe "c:\users\bella\appdata\local\browserwireless\BrowserWireless.dll",DllRegisterServer
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [PC Meter Connect] c:\program files\pitney bowes\pc meter connect\mailstationAssistant.exe minimize
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] c:\program files\sminst\Launcher.exe
StartupFolder: c:\users\bella\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bella\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://control.itsupport247.net/components/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: NameServer = 192.168.0.20
TCP: Interfaces\{C8C75108-648B-43C0-B933-860C92875C7D} : NameServer = 192.168.0.20,8.8.8.8,208.67.222.222
TCP: Interfaces\{C8C75108-648B-43C0-B933-860C92875C7D} : DHCPNameServer = 192.168.0.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-10-17 112800]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-20 47640]
R2 MBAMScheduler;MBAMScheduler;c:\progra~1\saazod\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-6 399432]
R2 MBAMService;MBAMService;c:\progra~1\saazod\malwarebytes' anti-malware\mbamservice.exe [2013-1-6 676936]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-5-31 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2011-10-19 86856]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2011-10-19 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2011-10-19 86856]
R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2012-10-16 3675976]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-8-1 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2012-10-16 175496]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-10-17 2656536]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-17 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-6 22856]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-10-17 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-6-10 69504]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-6-10 161664]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2012-10-15 75552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2010-7-30 20600]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-5-16 43368]
S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-20 1343400]
S4 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-5-31 82760]
S4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2011-10-19 78664]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S4 ZEvtSVC;ZEvtSVC;c:\progra~1\saazod\zscc\zEvtSVC.exe [2011-8-9 232752]
.
=============== Created Last 30 ================
.
2014-08-28 14:11:46 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-28 13:57:20 -------- d-----w- C:\ComboFix
2014-08-28 13:42:31 -------- d-----w- C:\FRST
2014-08-28 09:15:52 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d12a5873-8071-40f5-b2be-dc99599d41db}\offreg.dll
2014-08-28 09:14:45 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d12a5873-8071-40f5-b2be-dc99599d41db}\mpengine.dll
2014-08-27 17:28:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-26 20:12:31 -------- d-----w- c:\users\bella\appdata\roaming\SUPERAntiSpyware.com
2014-08-26 20:12:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-08-26 18:56:51 98816 ----a-w- c:\windows\sed.exe
2014-08-26 18:56:51 256000 ----a-w- c:\windows\PEV.exe
2014-08-26 18:56:51 208896 ----a-w- c:\windows\MBR.exe
2014-08-26 18:45:13 -------- d-----w- c:\windows\ERUNT
2014-08-26 18:40:52 -------- d-----w- C:\AdwCleaner
2014-08-26 18:22:41 -------- d-----w- C:\TDSSKiller_Quarantine
2014-08-26 04:48:58 -------- d-----w- c:\programdata\OhlapGedce
2014-08-25 03:56:23 -------- d-----w- C:\5a792bb
2014-08-23 22:30:50 -------- d-----w- c:\users\bella\appdata\local\BrowserWireless
2014-08-21 04:04:09 509440 ----a-w- c:\windows\system32\qedit.dll
2014-08-17 12:54:22 -------- d-----w- c:\users\bella\appdata\local\ServerAudio
2014-08-12 19:35:24 -------- d--h--w- c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-08-03 09:11:17 -------- d-----w- c:\users\bella\appdata\roaming\b65b63
2014-08-03 09:11:12 -------- d-----w- c:\users\bella\appdata\local\b65b63
2014-08-03 09:10:01 -------- d-----w- c:\users\bella\appdata\local\3328503800
.
==================== Find3M ====================
.
2014-08-26 18:32:04 376832 ----a-w- c:\windows\system32\rpcss.dll
2014-08-05 13:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-19 13:10:33 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-19 13:10:33 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-07-19 13:10:32 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-19 13:10:32 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-09 13:08:49 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
============= FINISH: 11:05:16.65 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/19/2011 5:00:53 PM
System Uptime: 8/28/2014 9:35:53 AM (2 hours ago)
.
Motherboard: Intel Corporation | | DH67BL
Processor: Intel(R) Core(TM) i3-2102 CPU @ 3.10GHz | LGA1155 | 1581/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 403.56 GiB free.
E: is Removable
G: is CDROM ()
R: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
T: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
U: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
W: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: mbr
Device ID: ROOT\LEGACY_MBR\0000
Manufacturer:
Name: mbr
PNP Device ID: ROOT\LEGACY_MBR\0000
Service: mbr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&1A0384BD&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&1A0384BD&0&2
Service:
.
==== System Restore Points ===================
.
RP7551: 7/18/2014 5:44:15 AM - Windows Update
RP7552: 7/21/2014 9:42:48 PM - Windows Update
RP7553: 7/21/2014 9:43:44 PM - Windows Update
RP7554: 7/21/2014 9:44:01 PM - Windows Update
RP7555: 7/21/2014 9:44:27 PM - Windows Update
RP7556: 7/21/2014 9:44:52 PM - Windows Update
RP7557: 8/26/2014 7:24:00 PM - Scheduled Checkpoint
RP7558: 8/28/2014 5:13:55 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.07)
Avery Wizard 4.0
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
FileMaker Pro 8.5
GFI Business Agent
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.5.2.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
ITSupport247-DPMA
Junk Mail filter update
KONICA MINOLTA bizhub 751/601
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG Power Tools
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nexlink Recovery Center
PC Meter Connect
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
ShopAtHome.com Helper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Windows Driver Package - Pitney Bowes (DM150Drv) USB (07/04/2010 2.0.1.5)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/28/2014 9:36:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
8/28/2014 9:36:14 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain NORTHCENT due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
8/28/2014 9:30:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
8/28/2014 9:28:54 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:54 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:54 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2014 9:28:46 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZWatchDog service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZServerPlus service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZScheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZDPMACTL service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZ RMM Agent Presence-PR service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/28/2014 9:28:45 AM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/28/2014 10:10:42 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/26/2014 4:08:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NCJARTERM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C8C75108-648B-43C0-B933-860C9287. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
Files Detected: 2
C:\ProgramData\OhlapGedce\OhlapGedce.dat (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\setup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\etzia.exe (Trojan.Zbot.gen) -> Quarantined and deleted successfully.
(end)
-------------------------------
I cannot at the moment run DDS with the PC offline and A/V disconnected. If you need me to do that, I should be able to at a later date. Results are below:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545
Run by bella at 11:04:33 on 2014-08-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3493.2394 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\PROGRA~1\SAAZOD\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\PROGRA~1\SAAZOD\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\SAAZOD\zRealTime\SAAZappr.exe
C:\PROGRA~1\SAAZOD\SAAZDPMACTL.exe
C:\PROGRA~1\SAAZOD\SAAZScheduler.exe
C:\PROGRA~1\SAAZOD\SAAZServerPlus.exe
C:\PROGRA~1\SAAZOD\SAAZWatchDog.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
C:\PROGRA~1\SAAZOD\zRealTime\rtHlpDk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Pitney Bowes\PC Meter Connect\mailstationAssistant.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\UI0Detect.exe
C:\PROGRA~1\SAAZOD\zSCC\zInCCM.exe
C:\PROGRA~1\SAAZOD\zSCC\zCCM.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\timeout.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [ocx] "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden "[reflection.assembly]::load((gp -path 'hkcu:software\classes\clsid').OCX).GetType('gm.ks').GetMethod('m').Invoke(0,@('Installer'));"
uRun: [BrowserWireless] c:\windows\system32\rundll32.exe "c:\users\bella\appdata\local\browserwireless\BrowserWireless.dll",DllRegisterServer
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [PC Meter Connect] c:\program files\pitney bowes\pc meter connect\mailstationAssistant.exe minimize
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [Launcher] c:\program files\sminst\Launcher.exe
StartupFolder: c:\users\bella\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bella\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://control.itsupport247.net/components/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=722
TCP: NameServer = 192.168.0.20
TCP: Interfaces\{C8C75108-648B-43C0-B933-860C92875C7D} : NameServer = 192.168.0.20,8.8.8.8,208.67.222.222
TCP: Interfaces\{C8C75108-648B-43C0-B933-860C92875C7D} : DHCPNameServer = 192.168.0.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
.
============= SERVICES / DRIVERS ===============
.
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2011-10-17 112800]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-10-20 47640]
R2 MBAMScheduler;MBAMScheduler;c:\progra~1\saazod\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-6 399432]
R2 MBAMService;MBAMService;c:\progra~1\saazod\malwarebytes' anti-malware\mbamservice.exe [2013-1-6 676936]
R2 SAAZappr;SAAZ RMM Agent Presence-PR;c:\progra~1\saazod\zrealtime\SAAZappr.exe [2011-5-31 82760]
R2 SAAZDPMACTL;SAAZDPMACTL;c:\progra~1\saazod\SAAZDPMACTL.exe [2011-10-19 86856]
R2 SAAZScheduler;SAAZScheduler;c:\progra~1\saazod\SAAZScheduler.exe [2011-10-19 77824]
R2 SAAZServerPlus;SAAZServerPlus;c:\progra~1\saazod\SAAZServerPlus.exe [2009-4-30 77824]
R2 SAAZWatchDog;SAAZWatchDog;c:\progra~1\saazod\SAAZWatchDog.exe [2011-10-19 86856]
R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2012-10-16 3675976]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-8-1 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2012-10-16 175496]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-10-17 2656536]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-10-17 269824]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-6 22856]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-10-17 41088]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-6-10 69504]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-6-10 161664]
R3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2012-10-15 75552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2010-7-30 20600]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-5-16 43368]
S3 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe --> c:\progra~1\mcafee\sitead~1\mcsacore.exe [?]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-20 1343400]
S4 SAAZapsc;SAAZ RMM Agent Presence-SC;c:\progra~1\saazod\zrealtime\SAAZapsc.exe [2011-5-31 82760]
S4 SAAZRemoteSupport;SAAZRemoteSupport;c:\progra~1\saazod\SAAZRemoteSupport.exe [2011-10-19 78664]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
S4 ZEvtSVC;ZEvtSVC;c:\progra~1\saazod\zscc\zEvtSVC.exe [2011-8-9 232752]
.
=============== Created Last 30 ================
.
2014-08-28 14:11:46 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-28 13:57:20 -------- d-----w- C:\ComboFix
2014-08-28 13:42:31 -------- d-----w- C:\FRST
2014-08-28 09:15:52 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d12a5873-8071-40f5-b2be-dc99599d41db}\offreg.dll
2014-08-28 09:14:45 8581864 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d12a5873-8071-40f5-b2be-dc99599d41db}\mpengine.dll
2014-08-27 17:28:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-26 20:12:31 -------- d-----w- c:\users\bella\appdata\roaming\SUPERAntiSpyware.com
2014-08-26 20:12:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-08-26 18:56:51 98816 ----a-w- c:\windows\sed.exe
2014-08-26 18:56:51 256000 ----a-w- c:\windows\PEV.exe
2014-08-26 18:56:51 208896 ----a-w- c:\windows\MBR.exe
2014-08-26 18:45:13 -------- d-----w- c:\windows\ERUNT
2014-08-26 18:40:52 -------- d-----w- C:\AdwCleaner
2014-08-26 18:22:41 -------- d-----w- C:\TDSSKiller_Quarantine
2014-08-26 04:48:58 -------- d-----w- c:\programdata\OhlapGedce
2014-08-25 03:56:23 -------- d-----w- C:\5a792bb
2014-08-23 22:30:50 -------- d-----w- c:\users\bella\appdata\local\BrowserWireless
2014-08-21 04:04:09 509440 ----a-w- c:\windows\system32\qedit.dll
2014-08-17 12:54:22 -------- d-----w- c:\users\bella\appdata\local\ServerAudio
2014-08-12 19:35:24 -------- d--h--w- c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2014-08-03 09:11:17 -------- d-----w- c:\users\bella\appdata\roaming\b65b63
2014-08-03 09:11:12 -------- d-----w- c:\users\bella\appdata\local\b65b63
2014-08-03 09:10:01 -------- d-----w- c:\users\bella\appdata\local\3328503800
.
==================== Find3M ====================
.
2014-08-26 18:32:04 376832 ----a-w- c:\windows\system32\rpcss.dll
2014-08-05 13:20:02 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-19 13:10:33 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-07-19 13:10:33 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2014-07-19 13:10:32 85832 ----a-w- c:\windows\system32\LMIinit.dll
2014-07-19 13:10:32 31560 ----a-w- c:\windows\system32\LMIport.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-09 13:08:49 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
============= FINISH: 11:05:16.65 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/19/2011 5:00:53 PM
System Uptime: 8/28/2014 9:35:53 AM (2 hours ago)
.
Motherboard: Intel Corporation | | DH67BL
Processor: Intel(R) Core(TM) i3-2102 CPU @ 3.10GHz | LGA1155 | 1581/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 403.56 GiB free.
E: is Removable
G: is CDROM ()
R: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
T: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
U: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
W: is NetworkDisk (NTFS) - 250 GiB total, 173.813 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: mbr
Device ID: ROOT\LEGACY_MBR\0000
Manufacturer:
Name: mbr
PNP Device ID: ROOT\LEGACY_MBR\0000
Service: mbr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&1A0384BD&0&2
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&1A0384BD&0&2
Service:
.
==== System Restore Points ===================
.
RP7551: 7/18/2014 5:44:15 AM - Windows Update
RP7552: 7/21/2014 9:42:48 PM - Windows Update
RP7553: 7/21/2014 9:43:44 PM - Windows Update
RP7554: 7/21/2014 9:44:01 PM - Windows Update
RP7555: 7/21/2014 9:44:27 PM - Windows Update
RP7556: 7/21/2014 9:44:52 PM - Windows Update
RP7557: 8/26/2014 7:24:00 PM - Scheduled Checkpoint
RP7558: 8/28/2014 5:13:55 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.07)
Avery Wizard 4.0
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
FileMaker Pro 8.5
GFI Business Agent
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 16.5.2.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
ITSupport247-DPMA
Junk Mail filter update
KONICA MINOLTA bizhub 751/601
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG Power Tools
LogMeIn
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nexlink Recovery Center
PC Meter Connect
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
ShopAtHome.com Helper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Windows Driver Package - Pitney Bowes (DM150Drv) USB (07/04/2010 2.0.1.5)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/28/2014 9:36:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
8/28/2014 9:36:14 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain NORTHCENT due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
8/28/2014 9:30:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
8/28/2014 9:28:54 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:54 AM, Error: Service Control Manager [7034] - The Interactive Services Detection service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:54 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2014 9:28:46 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SB Recovery Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZWatchDog service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZServerPlus service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZScheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZDPMACTL service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The SAAZ RMM Agent Presence-PR service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Intel(R) PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
8/28/2014 9:28:45 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/28/2014 9:28:45 AM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/28/2014 10:10:42 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/26/2014 4:08:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NCJARTERM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C8C75108-648B-43C0-B933-860C9287. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================